https://bz.apache.org/bugzilla/show_bug.cgi?id=58750
--- Comment #14 from Phillip Webb <pw...@pivotal.io> --- I've been mulling this issue over a little bit more and I think that the arguments about whether removing the header offers any real world security or bandwidth benefits are a bit of a red herring. There's clearly some difference of opinion here, but regardless of why you'd want to remove the header, it still stands that it's currently not possible. If we put the argument of why to one side, and just focus on answering the question "How do I remove the server header?", what are the options? Is the suggested patch a sensible approach? Is there some other way to do it (a custom Http11Protocol implementation? some way to post-process headers?). I'm happy to try and rework the patch as required, or try to find a less invasive way to solve the problem. My ultimate goal is to just prove the request Spring Boot feature without needing to add a "but not on Tomcat" caveat. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
